rpms/libcap-ng/F-12 libcap-ng-0.6.3-euid.patch, NONE, 1.1 libcap-ng.spec, 1.12, 1.13
Steve Grubb
sgrubb at fedoraproject.org
Sat Oct 3 13:10:37 UTC 2009
- Previous message (by thread): rpms/gcolor2/F-11 gcolor2-0.4-missing-includes.patch, NONE, 1.1 gcolor2.spec, 1.1, 1.2
- Next message (by thread): rpms/konversation/devel .cvsignore, 1.11, 1.12 konversation.spec, 1.35, 1.36 sources, 1.11, 1.12 konversation-1.2-ircview_autoexpand.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: sgrubb
Update of /cvs/pkgs/rpms/libcap-ng/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5194
Modified Files:
libcap-ng.spec
Added Files:
libcap-ng-0.6.3-euid.patch
Log Message:
* Sat Oct 03 2009 Steve Grubb <sgrubb at redhat.com> 0.6.2-2
- Apply patch correcting pscap and netcap acct detection
libcap-ng-0.6.3-euid.patch:
netcap.c | 31 ++++++++++++++++++++++++++-----
pscap.c | 41 +++++++++++++++++++++++++++++++++--------
2 files changed, 59 insertions(+), 13 deletions(-)
--- NEW FILE libcap-ng-0.6.3-euid.patch ---
diff -urp libcap-ng-0.6.2/utils/netcap.c libcap-ng-0.6.3/utils/netcap.c
--- libcap-ng-0.6.2/utils/netcap.c 2009-07-26 08:16:16.000000000 -0400
+++ libcap-ng-0.6.3/utils/netcap.c 2009-10-03 08:36:30.000000000 -0400
@@ -31,7 +31,6 @@
#include <string.h>
#include <dirent.h>
#include <fcntl.h>
-#include <sys/stat.h>
#include <pwd.h>
#include "cap-ng.h"
#include "proc-llist.h"
@@ -56,12 +55,12 @@ static int collect_process_info(void)
return 1;
}
while (( ent = readdir(d) )) {
+ FILE *sf;
int pid, ppid;
capng_results_t caps;
char buf[100];
char *tmp, cmd[16], state, *text, *bounds;
- int fd, len;
- struct stat sb;
+ int fd, len, euid;
// Skip non-process dir entries
if(*ent->d_name<'0' || *ent->d_name>'9')
@@ -77,7 +76,6 @@ static int collect_process_info(void)
if (fd < 0)
continue;
len = read(fd, buf, sizeof buf - 1);
- fstat(fd, &sb);
close(fd);
if (len < 40)
continue;
@@ -109,6 +107,29 @@ static int collect_process_info(void)
text = capng_print_caps_text(CAPNG_PRINT_BUFFER,
CAPNG_PERMITTED);
+ // Get the effective uid
+ snprintf(buf, 32, "/proc/%d/status", pid);
+ sf = fopen(buf, "rt");
+ if (sf == NULL)
+ euid = 0;
+ else {
+ int line = 0;
+ __fsetlocking(sf, FSETLOCKING_BYCALLER);
+ while (fgets(buf, sizeof(buf), sf)) {
+ if (line == 0) {
+ line++;
+ continue;
+ }
+ if (memcmp(buf, "Uid:", 4) == 0) {
+ int id;
+ sscanf(buf, "Uid: %d %d",
+ &id, &euid);
+ break;
+ }
+ }
+ fclose(sf);
+ }
+
// Now record the bounding set information
if (caps == CAPNG_PARTIAL) {
caps = capng_have_capabilities(CAPNG_SELECT_BOUNDS);
@@ -170,7 +191,7 @@ static int collect_process_info(void)
continue;
node.ppid = ppid;
node.pid = pid;
- node.uid = sb.st_uid;
+ node.uid = euid;
node.cmd = strdup(cmd);
node.inode = inode;
node.capabilities = strdup(text);
diff -urp libcap-ng-0.6.2/utils/pscap.c libcap-ng-0.6.3/utils/pscap.c
--- libcap-ng-0.6.2/utils/pscap.c 2009-08-16 08:29:37.000000000 -0400
+++ libcap-ng-0.6.3/utils/pscap.c 2009-10-03 08:36:57.000000000 -0400
@@ -23,12 +23,12 @@
#include "config.h"
#include <stdio.h>
+#include <stdio_ext.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <dirent.h>
#include <fcntl.h>
-#include <sys/stat.h>
#include <pwd.h>
#include "cap-ng.h"
@@ -69,11 +69,10 @@ int main(int argc, char *argv[])
return 1;
}
while (( ent = readdir(d) )) {
- int pid, ppid, uid = -1;
+ int pid, ppid, uid = -1, euid;
char buf[100];
char *tmp, cmd[16], state, *name = NULL;
int fd, len;
- struct stat sb;
struct passwd *p;
// Skip non-process dir entries
@@ -90,7 +89,6 @@ int main(int argc, char *argv[])
if (fd < 0)
continue;
len = read(fd, buf, sizeof buf - 1);
- fstat(fd, &sb);
close(fd);
if (len < 40)
continue;
@@ -120,20 +118,47 @@ int main(int argc, char *argv[])
// And print out anything with capabilities
caps = capng_have_capabilities(CAPNG_SELECT_CAPS);
if (caps > CAPNG_NONE) {
+ // Get the effective uid
+ FILE *f;
+ int line;
+ snprintf(buf, 32, "/proc/%d/status", pid);
+ f = fopen(buf, "rt");
+ if (f == NULL)
+ euid = 0;
+ else {
+ line = 0;
+ __fsetlocking(f, FSETLOCKING_BYCALLER);
+ while (fgets(buf, sizeof(buf), f)) {
+ if (line == 0) {
+ line++;
+ continue;
+ }
+ if (memcmp(buf, "Uid:", 4) == 0) {
+ int id;
+ sscanf(buf, "Uid: %d %d",
+ &id, &euid);
+ break;
+ }
+ }
+ fclose(f);
+ }
+
+ len = read(fd, buf, sizeof buf - 1);
+ close(fd);
if (header == 0) {
printf("%-5s %-5s %-10s %-16s %s\n",
"ppid", "pid", "name", "command",
"capabilities");
header = 1;
}
- if (sb.st_uid == 0) {
+ if (euid == 0) {
// Take short cut for this one
name = "root";
uid = 0;
- } else if (uid != (int)sb.st_uid) {
+ } else if (euid != uid) {
// Only look up if name changed
- p = getpwuid(sb.st_uid);
- uid = sb.st_uid;
+ p = getpwuid(euid);
+ uid = euid;
if (p)
name = p->pw_name;
// If not taking this branch, use last val
Index: libcap-ng.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libcap-ng/F-12/libcap-ng.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -p -r1.12 -r1.13
--- libcap-ng.spec 28 Sep 2009 17:24:50 -0000 1.12
+++ libcap-ng.spec 3 Oct 2009 13:10:37 -0000 1.13
@@ -3,11 +3,12 @@
Summary: An alternate posix capabilities library
Name: libcap-ng
Version: 0.6.2
-Release: 1%{?dist}
+Release: 2%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
URL: http://people.redhat.com/sgrubb/libcap-ng
Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
+Patch1: libcap-ng-0.6.3-euid.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: kernel-headers >= 2.6.11
BuildRequires: libattr-devel
@@ -49,6 +50,7 @@ lets you set the file system based capab
%prep
%setup -q
+%patch1 -p1
%build
%configure --libdir=/%{_lib}
@@ -107,6 +109,9 @@ rm -rf $RPM_BUILD_ROOT
%attr(0644,root,root) %{_mandir}/man8/*
%changelog
+* Sat Oct 03 2009 Steve Grubb <sgrubb at redhat.com> 0.6.2-2
+- Apply patch correcting pscap and netcap acct detection
+
* Mon Sep 28 2009 Steve Grubb <sgrubb at redhat.com> 0.6.2-1
- New upstream release
- Previous message (by thread): rpms/gcolor2/F-11 gcolor2-0.4-missing-includes.patch, NONE, 1.1 gcolor2.spec, 1.1, 1.2
- Next message (by thread): rpms/konversation/devel .cvsignore, 1.11, 1.12 konversation.spec, 1.35, 1.36 sources, 1.11, 1.12 konversation-1.2-ircview_autoexpand.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list